From beda2356f5128efa4461046f882b6516ece6afc7 Mon Sep 17 00:00:00 2001
From: qianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Fri, 28 Oct 2011 03:46:20 +0000
Subject: Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which
 is under Setup browser.

Signed-off-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../DxeImageVerificationLib/DxeImageVerificationLib.c | 19 ++++++++++++++++++-
 .../DxeImageVerificationLib/DxeImageVerificationLib.h |  1 +
 .../DxeImageVerificationLib.inf                       |  1 +
 3 files changed, 20 insertions(+), 1 deletion(-)

(limited to 'SecurityPkg/Library/DxeImageVerificationLib')

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index dab35d5f6c..7bc3cc0ec0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1117,7 +1117,6 @@ DxeImageVerificationHandler (
   IN  VOID                             *FileBuffer,
   IN  UINTN                            FileSize
   )
-
 {
   EFI_STATUS                  Status;
   UINT16                      Magic;
@@ -1130,6 +1129,7 @@ DxeImageVerificationHandler (
   EFI_IMAGE_EXECUTION_ACTION  Action;
   WIN_CERTIFICATE             *WinCertificate;
   UINT32                      Policy;
+  UINT8                       *SecureBootEnable;
 
   if (File == NULL) {
     return EFI_INVALID_PARAMETER;
@@ -1173,6 +1173,23 @@ DxeImageVerificationHandler (
   } else if (Policy == NEVER_EXECUTE) {
     return EFI_ACCESS_DENIED;
   }
+
+  SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);
+  //
+  // Skip verification if SecureBootEnable variable doesn't exist.
+  //
+  if (SecureBootEnable == NULL) {
+    return EFI_SUCCESS;
+  }
+
+  //
+  // Skip verification if SecureBootEnable is disabled.
+  //
+  if (*SecureBootEnable == SECURE_BOOT_DISABLE) {
+    FreePool (SecureBootEnable);
+    return EFI_SUCCESS;
+  }    
+ 
   SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);
 
   //
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
index 34ed0c89a1..2cd1f87468 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
@@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/SimpleFileSystem.h>
 #include <Protocol/VariableWrite.h>
 #include <Guid/ImageAuthentication.h>
+#include <Guid/AuthenticatedVariableFormat.h>
 #include <IndustryStandard/PeImage.h>
 
 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
index 5874d6b66b..1dda6774fa 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
@@ -62,6 +62,7 @@
   gEfiCertSha256Guid
   gEfiCertX509Guid
   gEfiCertRsa2048Guid
+  gEfiSecureBootEnableDisableGuid
   
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
-- 
cgit v1.2.3